With the advent of the Internet, the number of on-line transactions has increased dramatically. With this increase, concerns for the security of transactions, the authentication of the parties to the transaction, the non-repudiation of the transaction, and the authentication and validation of devices used in such transactions have also risen. In response to these concerns, a public key infrastructure (PKI) was developed in which digital certificates and a related cryptographic key pair are issued by certificate authorities (CAs) to individuals and institutions involved in electronic commerce (e-cornmerce) by way of open networks such as the Internet. These certificates serve the purpose of authenticating the identity of both parties to a transaction, providing for the non-repudiation of the transaction, and are associated with key pairs by which encryption of transactions carried out over the Internet can be performed. The evolution of PKI infrastructure-type transactions has developed dramatically over the past few years.
The first stage of PKI used certificates bound to the identity of individuals. In this first stage, the user was required to request and download a certificate, which could then be used in conjunction with its related cryptographic key pair for secure authenticated Internet transactions. Each user would pay for his own cryptographic key pair and certificate. This first stage of PKI infrastructure provided direct personal identification of people involved in Internet transactions. In addition, the cost associated with obtaining a single certificate is relatively low.
The second stage of the PKI evolution allowed for institutions to request certificates on behalf of people about whom they had some special knowledge. For example, a bank or other similar organization could request a PKI certificate on behalf of one of its customers or members. This certificate would be bound to the identification information of the person on whose behalf the certificate was requested, and the identification information would be provided by the requesting organization. A certificate and an associated cryptographic key pair would then be issued on behalf of the person to the organization requesting the certificate, and the certificate would be issued to a user, possibly in the form of a token. Examples of tokens which can store certificate information include, smart cards, smart keys, and other hardware devices capable of storing the private key and digital certificate (or reference to a digital certificate) in memory. The cost of the certificate, initially paid by the requesting organization, could be recovered as a user would pay for services or devices (e.g., the tokens whereon the certificate and cryptographic key pair was stored) from the requesting organization.
Thus, in the second stage of the PKI evolution, the process of obtaining a certificate was transparent to a user, as the user was not required to request and/or download a certificate. Therefore, the second stage of PKI evolution was easier to use than the first stage, and received less resistence from customers.
The third stage of the PKI evolution represented a fundamental shift in the manner in which digital certificates were issued. In the first two stages, a digital certificate was bound to a specific person's identification. In the third stage, however, the digital certificate was bound to a device identification number. In the third stage of the PKI evolution, a manufacturer of devices to be used in Internet commerce requests certificates for each device which it has manufactured. The manufacturer then maintains records regarding each device, and its status, so that when the certificate corresponding to that device is used, one can authenticate the device, verify that the device was operating properly, and verify that its certificate has not been revoked. The device, by way of its certificate, is able to open a secure communication link, whereby the device can communicate securely with other devices on the network to which it is connected.
One example in which the third stage of the PKI evolution may be utilized is in the realm of mobile telephony. Specifically, for example, the third stage may be used in the global system for mobile communications (GSM), wherein each phone operating on the network contains a subscriber identity module card, which is commonly referred to as a SIM card or smart card. The SIM card may contain information regarding the user account of the user to whom the SIM card has been assigned. A user can then remove his or her SIM card, and insert it in a new phone, which will immediately begin to function according to the user identification and preferences retained in memory within the SIM card. In this model, the service provider, or telephone service carrier, is the organization that requests a certificate for each device, which in this case is stored within each SIM card. By way of the SIM card, users of global telephones within the GSM system may readily perform secure transactions over a wireless network, such as a network using the wireless application protocol (WAP), for example, by using a cryptographic key pair which may be associated with and/or stored in the SIM card.
The third stage of the PKI evolution has found success in numerous environments in which smart cards are utilized. As mentioned above, smart cards are used in the GSM system worldwide. However, smart cards are also useful in banking, and other commercial environments. Smart cards are a logical choice for the device to which a certificate may be bound as they are trusted among a variety of different environments, such as wireless networks and payment networks, and are trusted within many digital signature laws. Additionally, smart cards are a logical choice as they have been academically and field tested for security. Smart cards usually require a two-factor authentication process, which involves both something that the user knows and something that the user possesses. Usually, in the smart card environment, the user possesses the card, and knows a personal identification (PIN) or some type of password. The third stage of the PKI evolution presented the user with a familiar business model, much like receiving an automated teller machine (ATM) card, credit card, or the like.
Various problems exist with all three of the previous stages of the PKI evolution mentioned above, however. First, using certificates to identify each device on a communications network, as in the third stage where devices are mass produced, is costly. This is because the PKI was developed with the model of the first stage in mind, where each person retained a digital certificate, paid for the certificate himself, and often required no more than one. However, with certificates being assigned to devices, there are separate certificates for each device used. Thus, a person may require a large number of devices, over the course of his or her lifetime, each of which may require a digital certificate for secure transactions over a communication network. Therefore, the expense for many such devices can become too high, and would stymie the flow of Internet commerce requiring digital certificates. Also, if this certificate is paid for by the device manufacturer, the number of devices manufactured, and therefore the cost of providing a certificate for each device, may be staggering.
A second problem regarding the third stage of the PKI evolution is that the identity of a user, and the key pair related to the user's identity, must be added to the device after the device is manufactured. This presents security and authentication concerns, as an illegitimate user could potentially add his or her fraudulent key pair to the device after manufacture, and thereby defraud the network while using a trusted device.
Third, because the network over which devices are generally used is open, the device must be certified (or trusted) to allow secure communication over the open network. This is an important consideration as no secure services could be added via a communication link over an open network without two trusted endpoints. Thus, both the server and the device must be certified (or trusted). Some such desired secure services may include, for example, distributing encryption keys, adding user identities, and/or delivering private data, such as user preferences or profiling information.
Accordingly, it is desirable to develop a system using a PKI infrastructure that is capable of solving each of the aforementioned problems. Specifically, it would be desirable to develop a PKI system that is capable of minimizing the cost of certificates issued to devices and increasing security associated with generating a key pair of a user (i.e., a “user key pair”) associated with the device, and providing a technique whereby user preference and profile information may be quickly and readily transmitted.